JumpCloud now offers OpenID Connect (OIDC).
How OIDC Works
OIDC extends the OAuth 2.0 protocol so that client services (your applications) can verify user identities and obtain profile information from OpenID providers through RESTful APIs. The providers, which are essentially authentication servers, issue JSON Web Tokens (JWTs) to carry that information during the authentication process. Many developers are attracted to this approach because it is highly scalable, works across platforms, and is relatively simple to implement. Its core is a standardized user-identity workflow layered on OAuth.
User Authentication
A resource owner (one of your users) authenticates to an authorization server, which grants the client application an access token; the app presents that token to a UserInfo endpoint to receive the information the user has consented to share. The UserInfo endpoint is a protected resource on the OpenID server that returns claims (assertions) about the user as a JSON object. The authentication event itself is encoded in an ID Token that the app receives. The app can cache this information for scalable performance and use it to personalize the end-user experience.
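To make the ID Token step concrete, here is an added example (not JumpCloud code) of the checks a client application should perform on an ID Token before trusting any claim in it: pin the signing algorithm, verify the signature, and confirm the issuer, audience, expiry and nonce. It signs with HS256 and a constructed shared secret so it runs offline; real OpenID providers normally sign with RS256 and publish the public key in a JWKS document, so the `SECRET`, `ISSUER` and `CLIENT_ID` values are placeholders for what your provider and app registration supply.

```python
"""Validate an OpenID Connect ID Token (a JWT) before trusting its claims.

Added example, not JumpCloud code. Uses HS256 with a constructed shared
secret so it runs offline; real providers normally sign with RS256 and
publish the verification key in a JWKS document (assumption: swap that
key lookup in for SECRET in production).
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed sample values; a real deployment gets these from the provider
# and from the application registration.
ISSUER = "https://example-idp.invalid"    # hypothetical issuer URL
CLIENT_ID = "example-client-id"           # hypothetical client_id
SECRET = b"constructed-demo-secret-not-for-production"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, key: bytes = SECRET) -> str:
    """Mint a sample HS256 token so the validator has input to work on."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def validate_id_token(token: str, key: bytes, issuer: str, client_id: str,
                      nonce: str, now: Optional[int] = None) -> dict:
    """Return the claims if every check passes; raise ValueError otherwise."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have three dot-separated segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose (this also rejects alg=none).
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if client_id not in aud:
        raise ValueError("token was not issued for this client")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims


def demo() -> str:
    """Mint and validate one constructed token; return the subject claim."""
    now = 1_700_000_000  # fixed "current time" so the run is deterministic
    claims = {"iss": ISSUER, "sub": "user-123", "aud": CLIENT_ID,
              "iat": now, "exp": now + 300, "nonce": "n-abc",
              "email": "alice@example.invalid"}  # constructed sample claims
    token = mint_id_token(claims)
    return validate_id_token(token, SECRET, ISSUER, CLIENT_ID, "n-abc", now)["sub"]


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the signature is verified before any claim is read, so a tampered payload never influences the issuer or audience comparison, and the nonce check ties the token to the login request the app itself started.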
Built on OAuth 2.0 Protocol
OIDC is built on top of the OAuth 2.0 framework, a standard that grants third-party apps and services delegated access to a user's resources. The user's credentials are never shared with or stored on the third-party servers, which improves security and eases the job of IT administrators.
To configure SAML/SSO, the typical workflow looks like this:
- Find out what the service provider requires.
- Configure the OIDC/SSO connector in JumpCloud.
- Configure the application in the service provider.
- Provision and authorize user access to the application.